Sky Mavis Offers Hefty Bug Bounty After Losing $625 million in Major Hack


Sky Mavis, the developer studio of popular NFT game Axie Infinity, is ramping up efforts to secure its networks. The firm is offering up to $1 million (roughly Rs. 7.5 crore) as a bug bounty to developers who could identify security loopholes in its networks. The step follows a mega hack incident that drained Sky Mavis’s Ronin Network out of $625 million (roughly Rs. 4,729 crore). The Ronin Network is an Ethereum-linked sidechain built by Sky Mavis for blockchain gaming specifically.

In a detailed blog, Sky Mavis has called out for responsible disclosure of security vulnerabilities that may affect its working and users.

“While researching, we’d like to ask you to refrain from doing automated testing, denial of service, spamming, spoofing, and phishing. Performing further attacks once you have proof of Remote Control Execution (RCE) attacks may have your bounties forfeited,” the policy section of the bug bounty programme read.

The rewards will be paid in the form of Axie Infinity’s native token AXS. As per CoinMarketCap, each AXS is currently priced $48 (roughly Rs. 3,673).

“Only vulnerabilities with a working proof of concept that shows how it can be exploited will be considered eligible for monetary rewards. Determination of whether a reported issue sufficiently meets the bar for monetary rewards is done at Sky Mavis’s discretion,” the blog added.

The hack attack on the Ronin Network was discovered by Sky Mavis on March 23, making for the largest-ever loot to have been extracted out of a blockchain hack.

The attacker had cracked the control of Sky Mavis’s four Ronin validators and a third-party validator run by Axie DAO (decentralised autonomous organisation).

A legal investigation is underway in the case.

Sky Mavis has meanwhile, raised $150 million (roughly Rs. 1,142 crore) in a recent funding round led by crypto exchange Binance. The funds will be used to reimburse victims of the Ronin attack.

Overall, cyber criminals last year stole over $1.3 billion (roughly Rs. 9,606 crore) from hacking the blockchain sector, a report by blockchain research firm CertiK had claimed in January.

Affiliate links may be automatically generated – see our ethics statement for details.



Please enter your comment!
Please enter your name here